CyberSecurity Reactions
Earlier this week, our esteemed Founder and CEO participated on the panel of experts at the NPRA CyberSecurity conference. This was the first event of its kind hosted by the NPRA for the petroleum, petrochemical and chemical industries.
What we learned there validated our thinking.
The focus today by all the other vendors is on intrusion prevention. They think it’s all about detecting the hacker. But that’s just part of the story. Intrusion prevention does nothing about how to figure out what the hacker did or how to recover.
There’s great joy in signing the deed, but then big headaches as you try to figure out what work needs to be done and even more problems in figuring out how to pay for it.
All this after the initial signing party on catching such a deal.
Prudence suggests that we think beyond just noticing that the hacker came to visit. We need to be prepared to assess the damage and implement a recovery plan.
But maybe the IT folks focused on CyberSecurity think that isn’t their problem – they’ll just leave those nasty post-detection tasks to the control guys. After all, IT is now the hero for keeping the bad guys out, aren’t they?
Now try asking the average control engineer how they get these nasty post-detection tasks done… After all, hasn’t IT told them everything they need to know?
The first issue is finding out what was impacted.
Ask the control engineer what tools he/she has to scan for unauthorized changes across all the automation infrastructure – from the PLC & DCS to real-time database and advanced apps. You’ll almost certainly get a blank look…
And when you probe further to find out what kind of backups he/she has for the automation assets at the plant, you’ll probably find out that the backups date from 1-6 months ago.
Ouch! That makes for a pretty tough recovery process. Especially if any sort of regular maintenance or upgrade work has been going on…
Now I don’t want to pick on control engineers (I used to be one), but the truth is that there is generally a pretty lax approach to automation system backups. (Lots of our friends found this out the hard way after Hurricanes Katrina or Rita.)
So a good solution would be to implement an automatic backup for all automation assets, and sprinkle in some multi-platform change tracking??
That would surely help solve the problem…
Some call that CyberSecurity Parts 2 & 3 – the “other” (more important?) part of the problem.
We call it Integrity.
Don’t operate your plant without it.
© Copyright PAS 2006. No part of this blog is to be copied in full or in part without the express written permission of PAS; but references and web links are more than OK!